[messaging] WhatsApp & OWS team up

Wasa Bee wasabee18 at gmail.com
Thu Nov 20 02:29:36 PST 2014


I am confused: if whatsapp *really* does E2E encryption so even *they*
cannot snoop on messages in bulk (i.e. at scale without doing it per-user)
and therefore cannot mine the data, why did Facebook spend 19Billion $ for
it? Is this a gift to the world? Are there at least metadata they can glean
from it? Or is it just that having yet another app running on people's
phone gives them more data to crunch throu?

Whatsapp currently has 600M users [0] paying 1$/year, so within 7/8 years
or less (since user base will likely grow) Facebook will have recovered as
much as they've spent for the purchase. Is this why Facebook does not care
about whatsapp data?

[0]
http://www.statista.com/statistics/260819/number-of-monthly-active-whatsapp-users/

On Wed, Nov 19, 2014 at 10:40 AM, Mike Hearn <mike at plan99.net> wrote:

> I'm just curious: I'd not trust the communication via WhatsApp is secure
>> because of its closed source, Android, Google Keyboard and everything else,
>> but when you say WhatsApp E2E encryption is pretty close to intercept-proof
>> for all governments but the US, how do you suggest they can intercept the
>> messages? By choosing weak keys?
>>
>
> Force Facebook to do a key rotation on the target account with a MITM
> controlled key. In practice that just means get a court order.
>
> The question is not "can they intercept WhatsApp communications" as the
> answer is clearly yes. It's "who can make them do it". The UK in particular
> has been making noises lately about getting a lot more aggressive with
> Silicon Valley tech companies and forcing them to basically give GCHQ
> everything, all the time. Cameron is dumb enough he might actually try
> this, whatever the costs. It boils down entirely to a question of politics
> and commerce - how much leverage does a country have over Facebook?
>
> Note that given everything was SSL protected before, and WhatsApp I
> believe does not log messages so could not provide past messages anyway
> (except perhaps if they were buffering up waiting to be delivered?) and
> keys can be changed at any time or forward security disabled entirely for
> certain user populations without them knowing .... then using the
> TextSecure protocol inside SSL doesn't actually change much immediately. I
> see it more as a useful next step, that can be built upon to achieve more
> impactful change in future.
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141120/79831566/attachment.html>


More information about the Messaging mailing list